9 matches found
PT-2026-41276
The Advanced Custom Fields: Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 5.0.2. This is due to insufficient input validation of JSON field values and unsafe client-side HTML construction in the update preview JavaScript function...
Wimi Teamwork On-Premises Security Vulnerability
Wimi Teamwork On-Premises is an enterprise collaboration platform developed by the French company Teamwork. Versions of Wimi Teamwork On-Premises prior to 8.2.0 contained a security vulnerability. This vulnerability stemmed from an insecure direct object reference in the preview.php endpoint, whi...
CVE-2026-2113
tpadmin up to v1.3.12 is affected by a remote code execution/deserialization vulnerability in /public/static/admin/lib/webuploader/0.1.5/server/preview.php. The webuploader/preview.php endpoint lacks proper authentication and file validation, allowing unauthenticated attackers to upload arbitrary...
CVE-2025-67483
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Page.Preview.Js. This issue affects MediaWiki: from before 1.43.6, 1.44.3, 1.45.1...
CVE-2025-15426
A vulnerability was identified in jackying H-ui.admin up to 3.1. This affects an unknown function in the library /lib/webuploader/0.1.5/server/preview.php. The manipulation leads to unrestricted upload. The attack can be carried out remotely. The exploit is publicly available and might...
CVE-2023-40361
SECUDOS Qiata DOMOS OS 4.13 has Insecure Permissions for the previewRm.sh daily cronjob. To exploit this, an attacker needs access as a low-privileged user to the underlying DOMOS system. Every user on the system has write permission for previewRm.sh, which is executed by the root user...
GZ Scripts GZ Forum Script Cross-Site Scripting Vulnerability
GZ Scripts GZ Forum Script is a forum system from GZ Scripts, Inc. A cross-site scripting vulnerability exists in GZ Scripts GZ Forum Script, which stems from. /preview.php has unknown issues...
CVE-2018-6465
The PropertyHive plugin before 1.4.15 for WordPress has XSS via the body parameter to includes/admin/views/html-preview-applicant-matches-email.php...
PT-2018-17274
Name of the Vulnerable Software and Affected Versions: Flexible Poll version 1.2 Description: A SQL Injection issue exists, allowing exploitation via the id parameter to "mobile preview.php" or "index.php" API endpoints. Recommendations: For Flexible Poll version 1.2, avoid using the id parameter...